CMM: add PC-DMIS + combined CMM backup/restore + diagnostic scripts
Adds the PC-DMIS settings/probe backup-restore set alongside the existing goCMM scripts, plus a single combined CMM backup and the diagnostics built while debugging the live bays: - Backup-PCDMISSettings / Install-PCDMISSettings: capture+restore PC-DMIS registry + data/probe/cal files per installed version (2016/2019/2026). Hardened from real-bay failures: detect install dir via Program Files fallback; capture compens.dat (not just comp.dat) + interfac.dll; identify the controller by hash-matching interfac.dll to its source DLL AND reading the PE OriginalFilename (covers rename-without-copy); EXCLUDE the whole Homepage state (Recent/Favorites/DetailsView) which null-refs PC-DMIS on launch via stale routine paths; restore routes HKCU into the target user's hive (-TargetUser ShopFloor), fails loud on a non-backup path, and applies the legacy->new FQDN rewrite across reg + data files incl .bas. - Backup-CMM: one wrapper running goCMM + PC-DMIS (all versions) into one per-CMM folder + index, for staging on PXE and restore-by-machine-number. - Clear-PCDMISRecent: fixes the Homepage recent-list NullReferenceException crash on an already-broken bay. - pcdmis-probe-debug / Export-PCDMISCrashEvents: diagnostics for the custom-probe-not-showing and crash investigations. - Modify-PCDMISRights / Grant-FullControl: grant the operator the registry + filesystem access PC-DMIS needs under lockdown. - Install-goCMMSettings: add .bas to the FQDN-rewrite include list. Not yet wired into 09-Setup-CMM auto-restore - staging + the gated restore block come next. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
cproudlock
110
playbook/shopfloor-setup/gea-shopfloor-cmm/scripts/Modify-PCDMISRights.ps1
Executable file
110
playbook/shopfloor-setup/gea-shopfloor-cmm/scripts/Modify-PCDMISRights.ps1
Executable file
@@ -0,0 +1,110 @@
|
||||
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
|
||||
|
||||
Start-Transcript -Path "C:\Logs\PC-DMISrights.txt" -Append
|
||||
|
||||
# 1. Define the authorized username
|
||||
$authorizedUser = "SupportUser"
|
||||
|
||||
# 2. Check if the current environment user matches
|
||||
if ($env:USERNAME -ne $authorizedUser) {
|
||||
Write-Warning "Unauthorized user detected. Run as SupportUser instead."
|
||||
return
|
||||
}
|
||||
|
||||
# 3. Access granted for SupportUser
|
||||
Write-Host "Welcome, $authorizedUser. Access granted."
|
||||
|
||||
|
||||
# 4. Define the list of registry keys to modify
|
||||
$registryKeys = @(
|
||||
"HKLM:\SOFTWARE\Classes\PCDLRN.Application",
|
||||
"HKCU:\SOFTWARE\Hexagon"
|
||||
"HKCU:\SOFTWARE\WAI"
|
||||
"HKLM:\SOFTWARE\Hexagon"
|
||||
"HKLM:\SOFTWARE\WAI"
|
||||
"HKLM:\SOFTWARE\Wow6432Node\Hexagon"
|
||||
"HKLM:\SOFTWARE\Wow6432Node\WAI"
|
||||
"Registry::HKU\.DEFAULT\SOFTWARE\Hexagon"
|
||||
"Registry::HKU\.DEFAULT\SOFTWARE\WAI"
|
||||
)
|
||||
|
||||
# 5. Define the permission rule details
|
||||
$identity = "BUILTIN\Users" # The target group
|
||||
$rights = "FullControl" # Permission level
|
||||
$inheritance = "ContainerInherit, ObjectInherit" # Applies to subkeys and values
|
||||
$propagation = "None"
|
||||
$type = "Allow"
|
||||
|
||||
# 6. Create the Access Rule object
|
||||
$accessRule = New-Object System.Security.AccessControl.RegistryAccessRule($identity, $rights, $inheritance, $propagation, $type)
|
||||
|
||||
# 7. Loop through each key and apply the new rule
|
||||
foreach ($keyPath in $registryKeys) {
|
||||
try {
|
||||
if (Test-Path $keyPath) {
|
||||
Write-Host "Applying permissions to: $keyPath" -ForegroundColor Cyan
|
||||
|
||||
# Get existing ACL (Access Control List)
|
||||
$acl = Get-Acl -Path $keyPath
|
||||
|
||||
# Add the new rule to the existing ACL
|
||||
$acl.SetAccessRule($accessRule)
|
||||
|
||||
# Apply the updated ACL back to the registry key
|
||||
Set-Acl -Path $keyPath -AclObject $acl
|
||||
|
||||
Write-Host "Success!" -ForegroundColor Green
|
||||
} else {
|
||||
Write-Warning "Registry key not found: $keyPath"
|
||||
}
|
||||
} catch {
|
||||
Write-Error "Failed to update $keyPath. Error: $($_.Exception.Message)"
|
||||
}
|
||||
}
|
||||
|
||||
# 8. Define the list of root folders to modify
|
||||
$folderPaths = @(
|
||||
"C:\Program Files\Hexagon",
|
||||
"C:\Program Files\WAI",
|
||||
"C:\Program Files (x86)\Hexagon"
|
||||
"C:\Program Files (x86)\WAI"
|
||||
"C:\ProgramData\Hexagon"
|
||||
"C:\ProgramData\WAI"
|
||||
)
|
||||
|
||||
# 9. Define the permission rule details
|
||||
$identity = "BUILTIN\Users" # The target group
|
||||
$rights = "FullControl" # Permission level
|
||||
$inheritance = "ContainerInherit, ObjectInherit" # Applies to subfolders and files
|
||||
$propagation = "None"
|
||||
$type = "Allow"
|
||||
|
||||
# 10. Create the Access Rule object
|
||||
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, $rights, $inheritance, $propagation, $type)
|
||||
|
||||
# 11. Loop through each folder path and apply the new rule
|
||||
foreach ($path in $folderPaths) {
|
||||
try {
|
||||
if (Test-Path $path) {
|
||||
Write-Host "Applying permissions to: $path" -ForegroundColor Cyan
|
||||
|
||||
# Get existing ACL (Access Control List)
|
||||
$acl = Get-Acl -Path $path
|
||||
|
||||
# Add the new rule to the existing ACL
|
||||
$acl.SetAccessRule($accessRule)
|
||||
|
||||
# Apply the updated ACL back to the folder
|
||||
Set-Acl -Path $path -AclObject $acl
|
||||
|
||||
Write-Host "Success!" -ForegroundColor Green
|
||||
} else {
|
||||
Write-Warning "Folder not found: $path"
|
||||
}
|
||||
} catch {
|
||||
Write-Error "Failed to update $keyPath. Error: $($_.Exception.Message)"
|
||||
}
|
||||
}
|
||||
pause
|
||||
exit 1
|
||||
Stop-Transcript
|
||||
Reference in New Issue
Block a user